Configure the MID Server for CyberArk

Configure the config.xml file to grant the MID Server access to
the CyberArk vault.

Before you begin

Role required: admin

Before starting this procedure, import the
JavaPasswordSDK.jar file into the instance.

Procedure

Manually configure the MID Server config.xml file with these parameters.

This configuration cannot be done from the instance.

Table 1. Required configuration parameters

| Parameter | Value | Description |
| --- | --- | --- |
| ext.cred.safe_folder | NameOfFolder | Folder to use for all credential lookups. For example, root. |
| ext.cred.use_cyberark | true | Boolean parameter indicating that this MID Server is integrated with CyberArk. |

Table 2. Optional configuration parameters

| Parameter | Value | Description |
| --- | --- | --- |
| ext.cred.safe_timeout | 5 (sec) | Timeout of each credential lookup in the vault, specified in seconds. |
| ext.cred.safe_name | NameOfSafe | Default safe name used for all credential lookups. If parameters are in multiple safes, the credential ID may be specified in the format <safeName>:<CredentialID>. When configured like this, the NameOfSafe field is ignored. If all external credentials have their credential IDs specified in this format, then leave out the NameOfSafe field. Note: By default the separator character in this format is a colon. To assign any character you want as a separator, add this line to the CredMap.properties file: safe.cred.split.string=<string>. |
| ext.cred.app_id | ServiceNow_MID_Server | Specifies the App-ID used to grant permission to the MID Server to access the CyberArk vault. The default value, ServiceNow_MID_Server, must be defined in the CyberArk vault. You can use this parameter to override the default and specify your own App-ID. If you edit the App-ID in this parameter, make sure to configure CyberArk to match. |
| ext.cred.type_specifier | true | Forces an IP address lookup to return credentials that match both the CyberArk platform ID and the IP address. For example, if an IP address is shared by both Windows and Tomcat, a credential with a platform ID starting with Win returns the Windows credential only. When this parameter is set to true, CyberArk looks for platform IDs that begin with: Win: Windows; Unix: SSH; VMWare: VMware. |
| ext.cred.check_ssh_type | false | When set to true, requires that the type of SSH credential returned from CyberArk matches the type of credential requested. For example, if a normal SSH username/password credential is requested and only SSH keys are available, the credential lookup fails. |
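
A pre-deployment check for the parameters in the tables above, as an added example that is not ServiceNow or CyberArk code. The `<parameter name="..." value="..."/>` element layout, the sample values, the function names and the split-on-first-separator behaviour are assumptions; the page itself gives only the parameter names, their values and the <safeName>:<CredentialID> format.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the <parameter name=... value=.../> layout is assumed,
# the page lists only parameter names and values.
SAMPLE_CONFIG = """<parameters>
  <parameter name="ext.cred.use_cyberark" value="true"/>
  <parameter name="ext.cred.safe_folder" value="root"/>
  <parameter name="ext.cred.safe_timeout" value="5"/>
  <parameter name="ext.cred.app_id" value="ServiceNow_MID_Server"/>
</parameters>"""

REQUIRED = ("ext.cred.safe_folder", "ext.cred.use_cyberark")
BOOLEANS = ("ext.cred.use_cyberark", "ext.cred.type_specifier", "ext.cred.check_ssh_type")

def load_params(xml_text):
    """Return {name: value} for every <parameter> element in the file."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.get("value") or "").strip() for p in root.iter("parameter")}

def check_cyberark_config(params):
    """Return a list of findings to review before restarting the MID Server."""
    findings = []
    for name in REQUIRED:
        if not params.get(name):
            findings.append(f"missing required parameter {name}")
    for name in BOOLEANS:
        if name in params and params[name].lower() not in ("true", "false"):
            findings.append(f"{name} must be true or false")
    if params.get("ext.cred.use_cyberark", "").lower() == "false":
        findings.append("ext.cred.use_cyberark is false; vault integration is off")
    timeout = params.get("ext.cred.safe_timeout")
    if timeout is not None and not (timeout.isdigit() and int(timeout) > 0):
        findings.append("ext.cred.safe_timeout must be a positive number of seconds")
    if "ext.cred.safe_name" not in params:
        findings.append("no ext.cred.safe_name: every credential ID needs a <safeName>: prefix")
    return findings

def split_credential_id(cred_id, default_safe=None, sep=":"):
    """Split '<safeName><sep><CredentialID>'; fall back to the default safe."""
    safe, found, ident = cred_id.partition(sep)  # assumption: split on first separator
    if found:
        return safe, ident
    if default_safe is None:
        raise ValueError(f"{cred_id!r} names no safe and no default safe is set")
    return default_safe, cred_id
```

Pass `sep` the same string you set in safe.cred.split.string if you changed the separator from the default colon.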